CVE-2021-25645

Published: May 10, 2021Modified: Nov 21, 2024

4.4

Vector

CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

Exploitability: 0.8 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Couchbase Server before 6.0.5, 6.1.x through 6.5.x before 6.5.2, and 6.6.x before 6.6.1. An internal user with administrator privileges, @ns_server, leaks credentials in cleartext in the cbcollect_info.log, debug.log, ns_couchdb.log, indexer.log, and stats.log files. NOTE: updating the product does not automatically address leaks that occurred in the past.

Affected (3)

Products: Couchbase: Couchbase Server

1 product

Couchbase Server

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Couchbase Couchbase Server	Before 6.0.5
Couchbase Couchbase Server	From 6.1.0 to 6.5.2
Couchbase Couchbase Server	From 6.6.0 to 6.6.1

Related CWEs

Cleartext Storage of Sensitive Information

The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.

References (4)

https://www.couchbase.com/downloads

Source: cve@mitre.org

ProductVendor Advisory

https://www.couchbase.com/resources/security#SecurityAlerts

Source: cve@mitre.org

Vendor Advisory

https://www.couchbase.com/downloads

Source: af854a3a-2127-422b-91ae-364da2661108

ProductVendor Advisory

https://www.couchbase.com/resources/security#SecurityAlerts

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.